package org.activiti.cloud.services.security;

import com.querydsl.core.types.Predicate;
import com.querydsl.core.types.dsl.BooleanExpression;
import java.util.List;
import org.activiti.cloud.services.query.model.QTaskEntity;
import org.activiti.cloud.services.query.model.QVariableEntity;
import org.activiti.runtime.api.identity.UserGroupManager;
import org.activiti.runtime.api.security.SecurityManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:org/activiti/cloud/services/security/TaskLookupRestrictionService.class */
public class TaskLookupRestrictionService {

    @Autowired
    private UserGroupManager userGroupManager;

    @Autowired
    private SecurityManager securityManager;

    @Value("${activiti.cloud.security.task.restrictions.enabled:true}")
    private boolean restrictionsEnabled;

    public Predicate restrictTaskQuery(Predicate predicate) {
        return restrictTaskQuery(predicate, QTaskEntity.taskEntity);
    }

    public Predicate restrictTaskVariableQuery(Predicate predicate) {
        QTaskEntity qTaskEntity = QVariableEntity.variableEntity.task;
        return restrictTaskQuery(addAndConditionToPredicate(predicate, qTaskEntity.isNotNull()), qTaskEntity);
    }

    private Predicate restrictTaskQuery(Predicate predicate, QTaskEntity qTaskEntity) {
        if (!this.restrictionsEnabled) {
            return predicate;
        }
        String authenticatedUserId = this.securityManager.getAuthenticatedUserId();
        BooleanExpression booleanExpression = null;
        if (authenticatedUserId != null) {
            BooleanExpression addOrConditionToExpression = addOrConditionToExpression(addOrConditionToExpression(null, qTaskEntity.assignee.eq(authenticatedUserId)), qTaskEntity.taskCandidateUsers.any().userId.eq(authenticatedUserId));
            List list = null;
            if (this.userGroupManager != null) {
                list = this.userGroupManager.getUserGroups(authenticatedUserId);
            }
            if (list != null && list.size() > 0) {
                addOrConditionToExpression = addOrConditionToExpression(addOrConditionToExpression, qTaskEntity.taskCandidateGroups.any().groupId.in(list));
            }
            booleanExpression = addOrConditionToExpression(addOrConditionToExpression, qTaskEntity.taskCandidateUsers.isEmpty().and(qTaskEntity.taskCandidateGroups.isEmpty()));
        }
        return addAndConditionToPredicate(predicate, booleanExpression);
    }

    private Predicate addAndConditionToPredicate(Predicate predicate, BooleanExpression booleanExpression) {
        return (booleanExpression == null || predicate == null) ? booleanExpression == null ? predicate : booleanExpression : booleanExpression.and(predicate);
    }

    private BooleanExpression addOrConditionToExpression(BooleanExpression booleanExpression, BooleanExpression booleanExpression2) {
        return (booleanExpression2 == null || booleanExpression == null) ? booleanExpression2 == null ? booleanExpression : booleanExpression2 : booleanExpression2.or(booleanExpression);
    }

    public void setRestrictionsEnabled(boolean z) {
        this.restrictionsEnabled = z;
    }

    public boolean isRestrictionsEnabled() {
        return this.restrictionsEnabled;
    }
}
